How do I make a self-signed certificate persist in nixos?

You didn't specify what certfile looks like in the first line. If it's a variable that's populated with a builtins.readFile, you can skip that step and just populate the variable yourself.

$> nixos-option security.pki.certificates
Value:
[ "-----BEGIN CERTIFICATE-----
... edited for brevity .... " ]

Default:
[ ]

Example:
[ "NixOS.org\n=========\n-----BEGIN CERTIFICATE-----\nMIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ\nTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0\n...\n-----END CERTIFICATE-----\n" ]

Description:

A list of trusted root certificates in PEM format.

Declared by:
  "/etc/nixos/nixpkgs/nixos/modules/security/ca.nix"

Defined by:
  "/etc/nixos/user.nix

So, setting security.pki.certificates = [ "insert certificate here" ]; would eliminate the file dependency, and then the configuration is self-contained.

Otherwise, if you wanted to keep the content out of the configuration, you'd need to create packaging/a derivation for it and add it to the store.
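
The options discussed in the answer above, written out as a configuration fragment. This is an added example, not part of the original answer: the path ./certs/internal-root-ca.pem and the certificate body are placeholders, and security.pki.certificateFiles is the NixOS option that takes files instead of strings.

```nix
# configuration.nix fragment (added example; path and certificate body
# are placeholders, not values from the page).
{ config, pkgs, ... }:

let
  # PEM text of the self-signed root. Only the public certificate belongs
  # here: /nix/store is world-readable, so the private key must stay out of
  # the configuration and out of the store.
  internalRootCa = ''
    -----BEGIN CERTIFICATE-----
    REPLACE-WITH-THE-BASE64-BODY-OF-YOUR-CERTIFICATE
    -----END CERTIFICATE-----
  '';
in
{
  # Variant 1: inline string. The configuration is self-contained and no
  # external file is read at evaluation time.
  security.pki.certificates = [ internalRootCa ];

  # Variant 2 (use instead of variant 1): read a file that lives next to
  # configuration.nix. The relative path is resolved against this file, and
  # the contents are read on every evaluation, so the file must still exist
  # at each rebuild.
  # security.pki.certificates = [
  #   (builtins.readFile ./certs/internal-root-ca.pem)
  # ];

  # Variant 3 (use instead of variant 1): keep the PEM out of the
  # configuration text. A path literal is copied into the Nix store when the
  # configuration is evaluated, and the CA bundle is built from that copy.
  # security.pki.certificateFiles = [ ./certs/internal-root-ca.pem ];
}
```

After `nixos-rebuild switch`, the certificate is part of the system bundle at /etc/ssl/certs/ca-certificates.crt. A root added this way is trusted by every program that uses the system bundle, for any name it signs.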
